[ssh_x509] pkixssh-10.2 build failure

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Fri May 11 13:49:32 EEST 2018


Hi Roumen,

When I am trying to build OpenSSH, I am getting error.

checking whether OpenSSL has NID_X9_62_prime256v1... yes
checking whether OpenSSL has NID_secp384r1... yes
checking whether OpenSSL has NID_secp521r1... yes
checking if OpenSSL's NID_secp521r1 is functional... configure: error: in
`/openssh/openssh-7.5p1':
configure: error: cannot run test program while cross compiling
See `config.log' for more details
make: *** [openssh-7.5p1/config.h] Error 1

So, when I included ssh_cv_working_secp521r1=false\ argument in configure
in Makefile, the build went fine. But due to this, enable_nistp521=1
couldn't be set leading to ecdh-sha2-nistp521 algorithm not supported by
sshd. I checked in openssh-7.5-p1/configure and there are some changes
w.r.t. nistp521.

Can you suggest what I need to do in order to pass build and also
support ecdh-sha2-nistp521
algorithm?

 main ()
@@ -13149,11 +13287,15 @@
 $as_echo "yes" >&6; }
 		  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if OpenSSL's
NID_secp521r1 is functional" >&5
 $as_echo_n "checking if OpenSSL's NID_secp521r1 is functional... " >&6; }
-		  if test "$cross_compiling" = yes; then :
-   { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compiling:
assuming yes" >&5
-$as_echo "$as_me: WARNING: cross-compiling: assuming yes" >&2;}
-			  enable_nistp521=1
+if ${ssh_cv_working_secp521r1+:} false; then :
+  $as_echo_n "(cached) " >&6
+else

+		  if test "$cross_compiling" = yes; then :
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
 else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -13178,17 +13320,22 @@
 }
 _ACEOF
 if ac_fn_c_try_run "$LINENO"; then :
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-			  enable_nistp521=1
+  ssh_cv_working_secp521r1=yes
 else
-   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+  ssh_cv_working_secp521r1=no
+
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi

+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssh_cv_working_secp521r1" >&5
+$as_echo "$ssh_cv_working_secp521r1" >&6; }
+		  if test "x$ssh_cv_working_secp521r1" = xyes ; then
+			enable_nistp521=1
+		  fi
+
 else
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
@@ -13212,6 +13359,7 @@

 		TEST_SSH_ECC=yes
 		COMMENT_OUT_ECC=""
+		COMMENT_OUT_ECC256=
 	else
 		unsupported_algorithms="$unsupported_algorithms \
 			ecdsa-sha2-nistp256 \
@@ -13224,6 +13372,7 @@

 		TEST_SSH_ECC=yes
 		COMMENT_OUT_ECC=""
+		COMMENT_OUT_ECC384=
 	else
 		unsupported_algorithms="$unsupported_algorithms \
 			ecdsa-sha2-nistp384 \
@@ -13236,6 +13385,7 @@

 		TEST_SSH_ECC=yes
 		COMMENT_OUT_ECC=""
+		COMMENT_OUT_ECC521=
 	else
 		unsupported_algorithms="$unsupported_algorithms \
 			ecdh-sha2-nistp521 \

Thanks & Regards
Mohit Gupta


More information about the ssh_x509 mailing list